Re: We've been over this

I agree with other posters analogies are weak. However I'm disappointed that they morally approve wiretapping of unencrypted data.

We need to distinguish between the right to connect, and the right to intercept.

It is reasonable to consider an open access point as an invitation to connect.

However, it would be wrong to legally justify the snooping of information merely because the packets are unencrypted. That would set a terrible precedent legitimizing actions like those of phorm.

Even those who somehow disagree with the privacy issue, still have a copyright issue to deal with. After all, even publicly broadcast works are subject to copyright protection. The ability to copy packets cannot entitle google or anyone else to do so against the wish of the owners.

@Giles Jones

Yes, that's a possibility. The opposite is also possible though. A 3rd party compiler could fare better than apple's, particularly for niche applications. There's no evidence either way.

Let's not forget that badly written code will probably perform poorly, apple compiler or not.

Assuming the compilers are on par and developers are competent, then apple's libraries may impose an extra level of indirection which reduce performance when compared to direct compilation. Of course it'd be mad for normal apps talk directly to syscalls in assembler, but I can see circumstances in which it may be reasonable for a 3rd party graphics or rendering library to do so in order to maximize efficiency/performance.

It would be wrong to simply assume 3rd party low level code generators like unity are inefficient or poor in quality. If the pass quality tests, it's silly to ban them on the basis of source language.

@Chris Thomas Alpha

If an app works, uses standard APIs, and passes the quality testing, then the only reason apple would ban such an app is to be control freaks. But we already knew this. It's not like end users give a toss about the programming language.

@myself

Hmm, I did somewhat contradict myself with "free" and "pay for".

What was meant was that there are many of us wouldn't mind providing free public wifi from our own residences and businesses provided that we know we can access free public wifi from elsewhere. There is mutual benefit.

Obviously we'd still have to pay for the wired network, but the point is wired bandwidth is so much cheaper and faster than anything mobile operators could provide. The additional cost to us for adding wifi or wimax access point is inconsequential. We, the public, could build a wireless data network better than any mobile operator.

Free wireless internet

If we really wanted the free wifi to work, we'd take all carriers out of the loop and just allow the public to do it themselves cheaper and more reliably.

The public would be willing and able to pay for and service the network themselves to create an arbitrarily large mesh on top of the wired infrastructure, like the idea behind fon.com.

The problem today is that we're discouraged at every turn. ISPS contractually prohibit it. The legal framework is such that people are liable for other people's traffic on their routers. Home routers rarely allow users to create a new external subnet for public traffic, creating an unnecessary security risk (fon is an exception though).

Those impediments are all easily rectified, but then again, the government's business agenda means it ignores solutions which enable the public to serve itself. So long as government insists on private network ownership, then I'd have to agree with the conclusion that free wifi is not possible.

Re: No such thing as secure

"Just stuff that hasn't been cracked yet."

That's easy to say, but much harder to prove.

Lets only focus on the fundamental security across the wire and not implementation faults, since implementation faults can implicitly be fixed (and therefor contradicts your statement that there is "no such thing as secure").

With regards to PKI, there are two possible cracks.

1. We discover a mathematical way to boil NP complete problems down to polynomial time without the need for brute force.

2. We discover a way to solve NP complete problems quickly, say using a theoretical scalable quantum computer.

In order to back your assertion for PKI, you would have to prove either of the above is feasible.

With regards to quantum encryption, there is theoretically nothing one can do on the line to uncover the data. Quantum entanglement creates a continuous stream of bits which can be used as a one time pad of infinite length.

To prove your assertion for Q-E, you'd need to invalidate the currently accepted principles of quantum mechanics to reproduce the random bit stream.

You may be right, but until you can prove it, the statement is at best an educated guess.

Emulating hardware is slow, which is why vmware has "virtual" accelerated devices that don't even emulate real hardware, they have become a genuine software API. This is a good thing, since it increases performance, but it is looking and behaving more like an ordinary OS.

Actually I think it's pretty sly that they've been able to sell customers an OS without a UI, think of how many technical and political problems they avoid this way.

@DZ-Jay

"Obviously this applies to most all current web search implementations, hence the inclusion in the complaint of Netflix, Google, Apple, and most other web application giants..."

Absolutely, and it is rather unlikely that the developers for any of the defendants have ever seen or used this patent. It's totally absurd for anyone to hold a monopoly on the idea of displaying statistically correlated products to users.

"It is up to the court to determine if this patent describes an obvious device or a practical invention."

Since the USPTO and courts have a very poor track record with their handling of business/software patents thus far, it is difficult to have any confidence in them. If the USPTO had any sense of right and wrong, these types of patents would have been voided from the get go.

Those of us in software field plainly see the USPTO has outlived its usefulness, it's affect in the marketplace contradicts it's mission statement. The artificial software roadblocks are an impediment to progress because the benefits don't come close to justifying the overhead and harm.

These patents are awful

It's absurd to pretend that this work could have been the basis for any innovation. What a waste of human effort to spend time composing or even reading this monstrosity. Hell, it's a waste of 1 and 0 bits even if there were no humans involved. Which is more revolting: that mr allen feels entitled to collect royalties on the work of others, or that the USPTO is on his side?

Re: Not a design flaw...

Since this vehicle is up in the air, I'd assume that radio was not obstructed, but merely out of range.

If this is the case, I would think that the craft should report with a low signal condition before a complete loss occurs.

If not, it might even be a viable precaution to deliberately turn down the signal so that it enters no signal mode before being truly out of range. The operator could then boost the signal to give it instructions to come home.

I'm a little surprised this military gadget doesn't have a satellite transponder for this sort of thing.

Second rate technology

"Intel CEO Paul Otellini believes that the US is heading towards a second-rate status as a technology leader, and it's the Obama administration's fault."

The US has been heading towards a second rate status as a technology leader long before the obama administration was in office.

For over a decade, big business and government put the pedal to the medal offshoring technology and jobs in hopes of being competitive and maximizing return on investment. It's only in recent years we're beginning to see significant the ramifications of that behavior. Maybe corporate headquarters did well, but everywhere else the US has lost a lot of ground with offshoring and lack of investment.

Otellini is partially right to blame the government, but corporations including intel need to share the blame for failing to invest domestically. Did anyone really think that funneling investments overseas would not affect the domestic ecosystem?

@Sirius Lee

Software has been patentable for years in the US, the supreme court merely confirmed that fact.

You seem to think all developers based in the US, such as myself, have more opportunities because of software patents, but you've completely ignored the negative side of software patents which I've listed, not to mention the cost and uncertainty of endless litigation. Every stupid little algorithm in a program is at risk of infringement. Even one algorithm may have different patent statuses in various contexts (such as desktop versus phone).

It is unrealistic for all developers (particularly small ones) to cross reference their own software with all the issued software patents. Not only would this reduce development to a screeching halt, but more resources are needed to re-implement and remove features to eliminate the infringement.

Thankfully in the US we can get by ignoring software patents until our profits go above radar. But it is fundamentally stupid to support any law on account that it's poor enforcement in practice helps minimizes it's harms.

Furthermore, software patents place knowledgeable developers (with regards to the law) in a situation where they simply do not know whether they're infringing or not. This type of uncertainty should not be codified into law.

Perhaps the kids are smarter than given credit for

Computer science skills such as programming aren't valued like they used to be. Computer programming has absolutely lost it's prestige. Entry job requirements are insanely high compared to a decade ago. There's no guaranty of jobs, very high visibility corporations keep offshoring so many jobs.

There's only so long this can go on before kids wisen up and see that it's more profitable to manage the STEM types than to become them.

Good news

I'd like to see ARM make a dent in intel's monopoly.

It's interesting to note how ARM is tackling the 32bit limitations by using techniques very similar to 32bit x86 large page extensions intel used on the pentium where an individual process had a 32bit limit, but multiple processes could have completely different 32bit address spaces up to 64GB.

So it would seem that 64bit is difficult to achieve. I'd like to point out that even on x86-64, the full address space isn't implemented in silicon:

/proc/cpuinfo

address sizes : 36 bits physical, 48 bits virtual

People assume more bits is better, however one should not ignore that the extra transistors consume more power, cause extra heat, and incur a performance penalty, ARM's decision to keep 32bits may have been along these lines.

Re: Sigh... @Lou

"Want to bet? You seem to be on track when you mention PS3 or XBox. ;-)"

Doesn't seem like you read my whole post: "As long as android is an open os on open hardware, there is no DRM google can add which users cannot remove."

Sure they could lock down the handsets and only permit apps cryptographically signed by google, but that totally overlooks the value of android as an open platform. Having an open platform is more important to google and it's users than DRM is. Until that changes, there is absolutely nothing an app developer can ultimately do to stop a determined hacker willing to reverse engineer some code.

"the point is that your security only has to be strong enough that its not worth the effort to break."

Security by obscurity may work for unpopular apps that are unlikely to receive the attention of a skilled hacker, but it's unwise to bet on it, especially when hundreds or thousands of apps will be sharing the same obscurity techniques.

@Old Tom

What if the DRM itself is crap? Surly that's a legitimate excuse.

Believe it or not, in the US, copyright is a two way street.

Consumers have the right to make backup copies. We have the right to play our media in private on any machine we want without limit. We're even explicitly allowed to legally copy arbitrary pieces for public discussion (though not entire works).

Make no mistake, DRM is becoming more and more about controlling what consumers can do with their own property rather than protecting copyrighted works from illegal copying. As usual, DRM hurts legitimate users but does very little to stop the serious infringer.

@Ian Michael Gumby

Any app which must decode/verify itself before running is intrinsically vulnerable regardless of how much verification is done within the app.

Like the skype client (notorious for obfuscation), reverse engineers will always be able to break that "DRM" since it's not truly cryptographically secure (the keys are obviously present in the app).

This is different from say the PS3 or XBOX (and I suspect the iphone), where the operating system checks the cryptographic signature on an application before running it. No amount of reverse engineering on the application will defeat OS based DRM.

Furthermore, if the OS is rooted (as I suspect is common with android users), then the user could simply disable the OS based DRM.

All this was well known to microsoft when they had their paladium hardware initiative a few years back. It was unpopular because PC users hate handing ms the keys to their own hardware (more than they already do).

So I disagree about there being any fix, much less an obvious one that isn't a cat & mouse game. As long as android is an open os on open hardware, there is no DRM google can add which users cannot remove.

@Giles Jones

"But it's a fundamental problem with Java, you can easily reverse engineer it."

Same with .net CLR or android's register based alternative to java bytecode.

The intentions of the "byte code" are clear and therefor it's trivial to reverse engineer each function call. It's generally a good thing since it makes the code portable. A JIT compiler can always optimize for the processor it's currently running on, even with old programs.

Regardless of the merits of byte code versus machine code, I doubt an x86 (or ARM or PPC) implementation would have changed the end result for this "DRM".

Re: Xen scales rather well

For people running virtual machines on the desktop, KVM is far easier than XEN. XEN requires major customizations to the host OS.

I realize that XEN is targeting servers, but I could not get video drivers working properly with XEN on the desktop, and fairly or not, it left me with a bad taste.

Contrast that with KVM, one can trivially boot a KVM virtual machine off a cdrom or hard disk. It's a one-liner with no config files. My personal preference is that the virtual instances will run as well on my desktop as they do on the server, KVM does that naturally.

@VoodooTrucker

Totally agree, I blame all the corporate stagnation on too much control and lack of competition. Manufacturers and operators have colluded to lock out independent innovation.

Years ago I read about all the cool things one could develop on a bluetooth enabled phone. I downloaded an SDK and was ecstatic about the possibilities as I ran the examples on a virtual phone. However it was when I tried to download it to a real phone that I discovered how nokia and at&t simply disabled major functionality of the phone for third party developers.

I can't help but think of all the innovation consumers have lost out on because of greedy corporate control via DRM, which one may observe has ever less to do with copyrights and more to do with ending user control. If today's culture was more open, as it was for the original PC, then secure payments via cell phones would already be available to the public.

Re: Umm...

The courts confirmed that jailbreaking is legal. This isn't nearly as significant as one might initially think.

It just means apple (or sony, or tivo, etc) cannot sue it's customers for jailbreaking their own devices. However apple are under no obligation to support them once they do. It remains apple's prerogative to block jailbroken devices from their services if they so choose to turn their backs on these paying customers.

As for remotely killing a jailbroken phone, that's a major invasion of customer rights in my opinion. I'm guessing that the "R&D" on this patent predates the new ruling. They might not have filed it as they did had they known that jailbreaking was to be made expressly legal.

Thanks for the technical articles.

Diversification

I'm all for diversification of hardware. It gives us more choice, which is always a good thing. But let's face it, we were too cheap to pay a premium for Sun hardware when commodity x86 hardware could do the same thing at a lower cost.. Our aggregate behavior killed Sun.

Where Sun failed, ARM has a chance to enter the commodity server market with competitive pricing. Granted they're starting with low end consumer products and still need to fix the performance gap, but I hear that's in the works.

If they can build up their scales of economy, then x86 might finally have a viable competitor.

Not quite right

I've got no problem with intel trying to get further into the software ecosystem. And there's no doubting that the software industry is plagued by major security deficiencies at nearly every bend. Despite the widespread publicity, we're still fighting with the same vulnerabilities being implemented over and over again.

However, I am having trouble seeing why any of mcafee's product line should be developed in silicon. They sell a security solution which intercepts attacks before they reach microsoft's holes, which is good, but we still need the os/app to fix the root cause.

@Anonymous Coward, Re: I don't think you do understand the argument.

"Yes sure, not a major gaping hole, but a pointless giving away of information which shouldn't be given away."

While the login page does reveal the fact of whether an email has been registered or not, it does not reveal anything not already searchable elsewhere.

For instance, upon registration, facebook will search my webmail account for any "friends" that have been registered in facebook. Knowing that contacts are on facebook is a very practical and desirable feature. Eliminating this feature would make social networking painful to use legitimately.

If you're trying to keep your email address in a bottle, then social networking probably isn't for you. If you're that concerned about people finding you then just setup an alternate email.

Re: You obviously have no understanding of security.

"The *only* safe response is along the lines of 'Permission denied. Please try again."

Of course I understood the argument. The point is, an email address is already public information. Think of all the people who have it: friends, coworkers, employers, banks, recruiters, e-stores, spammers, ISPs, websites, etc. Any one of these could be a wolf in sheep's clothing.

A secure system does not depend on the confidentiality of an email address. If the use of a public email address breaks the security of a website, then the website's security is broken.

Get used to it; an email address can not, never has, never will be considered secure. It would be folly to pretend it is.

"Even better security is when the OS disables that login device after 3 or so failed login attempts and leaves it disabled"

When implemented exactly this way, it's ripe for abuse through denial of service attacks. Consider a large site with millions of active users, a bot could easily go disabling accounts, pissing off legitimate users and admins. A better approach is to throttle the logins so that brute force attacks are impossible. The system can alert the admins and block attacker's ip addresses.

Re: Absolute idiots

"Most systems (e.g., ftp and ssh servers) stopped leaking data this way about twenty years ago. There is no excuse whatsoever for designing the login page this way."

One plausible excuse is that it aids the users in identifying login issues.

This is similar smtp systems which bounce bad addresses. They reveal information about existing accounts, but there's no denying they serve a useful purpose too.

Regardless of that though there is an important difference between a facebook account and an ssh account. Facebook is intended to be a communications medium. It's necessary to know who else is on to provide a reasonable experience. Users who sign up wanting the fact of their registration to remain private should use a false email account in the first place.

Granted, it's not necessary to reveal other users through the login page, but at some point users have a reasonable expectation to find out whether someone else is registered or not. Therefor, this "hack" doesn't reveal any additional information that wouldn't otherwise be available elsewhere.

Re: What do they have to do?

I thought the article was thorough, but anyways...

When any advertiser starts advertising on google, clearly (however the secret bidding works) the other advertisers will have to start bidding more to keep their visibility. This is no different if the new advertisers are invented by google.

Google should ensure that, when placing it's own ads into the system, they don't not interfere with the bidding price for other advertisers. Otherwise that manipulation is at odds with the stated fairness of their ad auction process.

Re: obtuse

"You're advocating that a company's best defense against patent suits is to hire an army of lawyers to permanently go to war against the patent office."

Not really, the defensive patent argument goes more like this:

If I get sued or threatened on patent infringement, those having patents are in a more powerful position to counter sue or negotiate a cross license instead of paying royalties.

Some people say open source devs should acquire patents and donate them to an organization like the FSF to help open source developers defend themselves.

The fault with this argument is that acquiring patents cost real money and time. Sure it's possible to acquire patents purely for defensive use, but this represents an overhead that produces no benefits (other than lawsuit insurance).

People like me, who are against software patents, believe that the entire patent system directly and indirectly diverts resources away from legitimate R&D. It's really painful to pay money to support a known broken patent system.

In the end Gosling is right, "Even though we had a basic distaste for patents, the game is what it is, and patents are essential in modern corporations"

Just a thought

Given how difficult building solid state random access flash with many writes and fast performance seems to be, why don't they apply technology already known to work - such as dram + battery pack.

It could be much slower than normal ram and still be acceptable as a disk, thus solving heat dissipation issues. How much current does dram need just to refresh? Combined with a built in fuel cell, it might last unpowered for years.

@ysth

I'll vote the same way as you, but large companies with large pocketbooks are the typical beneficiaries of software patents.

It enables them to have monopolies on software algorithms, even when independently implemented in someone else's source code on an irrelevant project. This makes them far more powerful than copyrights.

Software patents are a big burden for open source projects in particular, because the developers are usually just individuals using their technical skills to solve their own problems.

At least google has the resources to fight oracle, and failing that, the cash to license the patents. Most of us do not, and innovation not only stalls, but reverses when developers are forced to remove features to avoid litigation.

@J 3

"If Java is licensed under GPL (even if v 2), no one can restrict where or how it can be run -- that's one of the four basic freedoms."

If I write code, and it happens to contain patented algorithms, the patent holder has the right to control the use of my code until their patent runs out. It doesn't matter what license I use for my code.

As you can tell from the downvotes on my earlier post, it is unpopular to even suggest that the GPL may be inadequate for legal protection. Regardless, the fact remains that nearly all modern software, open source included, is subject to patents not belonging to the copyright holder.

There is no license which can be invented to override the patents of others. At best, a license can revoke all rights to the patent holders who would try to enforce their patent against the license, which is what the GPL does.

Many OS projects are in a state of denial when they claim "X does not infringe any patents". GPL code does not exempt developers from patent obligations. All this is why software patents should be abolished, people should never be prevented from using and licensing their own code however they see fit. It was wrong to ever grant software algorithms patent protection in the first place.

"Does the license trumps the patent (I'd think so), or vice-versa? "

It's not about one or the other taking precedence, they're different protections. Software patents protect the maths/algorithms, copyrights protect the source code. Owning a patent does not give the holder rights to other's source code, but it can control the commercial use of it.

Re:serious damage to Google

"So I seriously hope that Oracle f*** the living daylights out of Google. Sadly, they will probably just settle for some money."

So the enemy of your enemy is your friend?

Google certainly has some evil streaks, no question. But you also need to have foresight to see that there will be many casualties other than google resulting from oracle's power play.

For all the major "IP" battles that make it on radar, there are many more where medium/small developers have had to exclude features and re-implement their own source code to avoid algorithms. Write software = violate patents. This inefficiency for developers encourages trolling behavior over R&D.

We need to stand up and say no more software patents. I'm afraid even the UK is at risk of defecting from reason despite the evidence of how unworkable these things are in the US.

@Stiggy

"This really jars with my understanding of the open source ethos. I'm cheering for Google FTW on this one."

I guess it depends on the license. I believe Java was released under the GPL2, which is from the early 90's and predates a lot of the stupid software patenting issues we have now, so it may be a little inadequate.

Hypothetically google may have signed agreements with sun so that it could use and modify java source code and not be liable under the GPL. If so, it may be under these agreements that oracle is now attacking google.

Legally, I don't think oracle can back away from any of the decisions sun made to open source java. However oracle may have their own patents which are not subject to the GPL. Even if the code was written by someone else at sun, under US patent law it's infringing upon "oracle's technology". If java infringes on oracle patents, oracle can use the courts to coerce all java users in existence to pay up.

As much as I'd hate the outcome, I imagine oracle has a very good shot at winning this one.

@Flocke Kroes

"Non-techies can often remember one decent password if they press the key above or to the right each letter of a memorable quote"

Ideally passwords are truly random, but since we're subject to human limitations, we often resort to quasi random generated passwords. Just don't make your algorithm public, otherwise attackers can make the same substitution on their end to compensate.

"If a site should not need a password, try to log in as 'username' with 'password'. "

@Jon Press

I've been advocating secure cryptographically sound encryption technology that for a while. Especially as it relates to banking, though it could be used for many other communications as well.

Unfortunately, and I hate to point this out, even on these forums the level of ignorance is an impediment. We, the technology leaders, are doing a bad job communicating a consistent message to the public.

We often blame users for lax security, but we're as much to blame for not universally adopting better cryptographic authentication technology on our end.

Backup vs Replication

Chris Evans is wrong:

"Traditional replication goes against the premise for which backups are taken - to recover to a point in time at which data was lost or corrupted....The second point (corruption) is probably the most important reason why traditional replication can’t replace backup - corrupted data would be replicated...In summary, traditional replication will not replace backup"

If "replication" equals "raid", then he is correct that logical corruption affects all copies, but then this solution is a bit unimaginative.

One tool which should be on everyone's list is rsync, which can do versioning on disk. In fact it even prevents the need for multiple copies of the same file via hardlinks, making it efficient enough for many scenarios.

Evan Unrue's claims are all valid:

"CDP replication mitigates the risk of replicating corruption because you have very granular restore capability being able to recover to a specific point in time"

I'm not sure that a point in time is necessary over an hourly or daily snapshot. Maybe for database records "point in time" is advantageous, but it's not obviously clear that it's always necessary to restore a file to the minute or second. For some, higher performance and efficiency may be more critical.

Claus Egge makes sense too:

Claus does a good job explaining how they can be unified.

His description of backup/replication contradicts Chris's.

Interestingly, Claus calls Continuous Data Protection a "backup" techology, while Evan called it a "replication" technology. Personally, I don't care either way since I acknowledge there is functional overlap.

"Yet, there is no technical reason for not eliminating tape entirely."

Ultimately, when it comes to capabilities, disks are supersets of tape. They can do anything a tape can do, and then some.

Phil Jones:

"you need both replication and backup because the two are not the same, and nor are they alternatives to each other...all need careful thought when building your backup strategy, and cannot simply be achieved just by implementing some form of replication."

While I have no specific disagreement, Phil seems to imply that they cannot be unified into a single solution that does both. CDP really blurs the lines as well. There's nothing wrong with being traditional, but Phil should consider updating his wording.

Re: Troll-zapping

That's an interesting point, but considering P/E ratios are ridiculously estimated to be anywhere between 25-50, verminx shareholders would probably expect a bid amounting to many times what today's lawsuits are worth.

Secondly, I don't expect anyone to spend good cash on a company just to throw away the assets.